<?php
require_once('init.php');

$uptypes = array( 
    'image/jpg',
    'image/jpeg',
    //'image/png',
    'image/pjpeg'
    //'image/gif',
    //'image/bmp',
    //'image/x-png'
 );

if($_POST['Submit']=='上传'){
	$file        =  $_FILES["upfile"];
	$fname         =  $_FILES["upfile"]["name"];
	$fname_array   =  explode('.',$fname);
	$extend        =  $fname_array[count($fname_array)-1];
	$MAX_FILE_SIZE =  512000;
 //文件当前位置创建picture文件夹，若要在上一层目录创建则为"../picture/";
 $dest_folder   =  "picture/";
 if($extend!=""){
  if(!in_array($file["type"],$uptypes)){
  echo "只能上传图片文件! <a href ='javascript:history.go(-1);'>返回</a> ";
   exit;
  }
  if($file["size"]>$MAX_FILE_SIZE){
      echo "图片大小不能超过512KB! <a href ='javascript:history.go(-1);'>返回</a>";
   exit;
  }
  if(!file_exists($dest_folder)){
           mkdir($dest_folder);
  }

  $randval    = $uid."_".date('Ymd').rand();
  $uploadfile = $dest_folder.$randval.'.'.$extend;
  
  $cid = $_GET['cid'];
  $ctime = time();
  $sql="insert into ".DB_PREFIX."attachment(cid,uid,filepath,cTime) values('$cid','$uid','$uploadfile','$ctime')";
  $DB->query($sql);
  
  $res=mysql_query("select * from ".DB_PREFIX."attachment where filepath='$uploadfile'");
  $row = mysql_fetch_array($res);
  $aid = $row['id'];
  
  echo '<p style="font-size:12px;color:#666666;">上传成功：'.$uploadfile.' <a href=#>[删除]</a> </p>
   <br />';
   echo "<script>window.parent.document.getElementById('uploadvalue').value='".$aid."'</script>";
  if(move_uploaded_file($_FILES["upfile"]["tmp_name"],$uploadfile)){
   echo "";
  }else{
   echo "图片上传失败! <a href ='javascript:history.go(-1);'>返回</a>";
  }
 }
}
?> 
